feat(jwt): add hand-rolled compact JWS helpers for ES256/ES256K
Provides minimal RFC 7515 JWT encoder/decoder with:
- encode_compact() to mint signed JWS tokens
- decode_compact() to parse tokens without verification
- verify_compact() to verify signatures against AnyVerifyingKey
Supports both ES256K (secp256k1) and ES256 (P-256) curves.
Includes JwtHeader and JwtClaims structs for atproto service-auth.
7 unit tests verify round-trip encode/decode for both curves, signature
verification failures, malformed input rejection, and curve mismatch detection.
Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>
authored by